Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-1302 (GCVE-0-2018-1302)
Vulnerability from cvelistv5
Published
2018-03-26 15:00
Modified
2024-09-17 02:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Possible write of after free on HTTP/2 stream shutdown
Summary
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Version: 2.4.17 to 2.4.29 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:37.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180601-0004/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"name": "RHSA-2019:0367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "[oss-security] 20180323 CVE-2018-1302: Possible write of after free on HTTP/2 stream shutdown",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/03/24/5"
},
{
"name": "103528",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103528"
},
{
"name": "1040567",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040567"
},
{
"name": "USN-3783-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3783-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "RHSA-2019:0366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.4.17 to 2.4.29"
}
]
}
],
"datePublic": "2018-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Possible write of after free on HTTP/2 stream shutdown",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-06T10:10:53",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180601-0004/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"name": "RHSA-2019:0367",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "[oss-security] 20180323 CVE-2018-1302: Possible write of after free on HTTP/2 stream shutdown",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/03/24/5"
},
{
"name": "103528",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103528"
},
{
"name": "1040567",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040567"
},
{
"name": "USN-3783-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3783-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "RHSA-2019:0366",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-03-23T00:00:00",
"ID": "CVE-2018-1302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.4.17 to 2.4.29"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Possible write of after free on HTTP/2 stream shutdown"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20180601-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180601-0004/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"name": "RHSA-2019:0367",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "[oss-security] 20180323 CVE-2018-1302: Possible write of after free on HTTP/2 stream shutdown",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/03/24/5"
},
{
"name": "103528",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103528"
},
{
"name": "1040567",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040567"
},
{
"name": "USN-3783-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3783-1/"
},
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "RHSA-2019:0366",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://www.tenable.com/security/tns-2019-09",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1302",
"datePublished": "2018-03-26T15:00:00Z",
"dateReserved": "2017-12-07T00:00:00",
"dateUpdated": "2024-09-17T02:41:36.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-1302\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2018-03-26T15:29:00.477\",\"lastModified\":\"2024-11-21T03:59:34.710\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.\"},{\"lang\":\"es\",\"value\":\"Cuando un flujo de datos o stream HTTP/2 se destruye despu\u00e9s de haber sido manipulado, el servidor Apache HTTP en versiones anteriores a la 2.4.30 podr\u00eda escribir un puntero NULL en una memoria ya liberada. Los bloques de memoria mantenidos por el servidor hacen que sea dif\u00edcil que esta vulnerabilidad tenga lugar en configuraciones normales, el informador y el equipo no pod\u00edan reproducirla fuera de builds de depuraci\u00f3n, por lo que se clasifica como de riesgo bajo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.4.29\",\"matchCriteriaId\":\"141CBF55-E282-4A6B-9A97-48941A85B723\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE996B1-6951-4F85-AA58-B99A379D2163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB15BCF1-1B1D-49D8-9B76-46DCB10044DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B7A6697-98CC-4E36-93DB-B7160F8399F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ADFF451-740F-4DBA-BD23-3881945D3E40\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2018/03/24/5\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103528\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040567\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0366\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3783-1/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2019-09\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2018/03/24/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103528\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040567\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0366\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180601-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3783-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2019-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
rhsa-2019:0366
Vulnerability from csaf_redhat
Published
2019-02-18 16:55
Modified
2025-08-04 12:06
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update
Notes
Topic
Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 1 packages for Microsoft Windows and Oracle Solaris are now available.
Red Hat Product Security has rated this release as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details
This release adds the new Apache HTTP Server 2.4.29 Service Pack 1 packages that are part
of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.29, and includes bug fixes and enhancements. Refer
to the Release Notes for information on the most significant bug fixes,
enhancements and component upgrades included in this release.
Security Fix(es):
* db4: libdb: Reads DB_CONFIG from the current working directory (CVE-2017-10140)
* httpd: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)
* httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)
* httpd: Out of bound access after failure in reading the HTTP request (CVE-2018-1301)
* httpd: Use-after-free on HTTP/2 stream shutdown (CVE-2018-1302)
* httpd: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715)
* httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)
* httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service (CVE-2018-1303)
* httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283)
* httpd: mod_http2: too much time allocated to workers, possibly leading to DoS (CVE-2018-1333)
* mod_jk: connector path traversal due to mishandled HTTP requests in httpd (CVE-2018-11759)
* nghttp2: Null pointer dereference when too large ALTSVC frame is received (CVE-2018-1000168)
* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)
Details around this issue, including information about the CVE, severity of
the issue, and the CVSS score can be found on the CVE page listed in the
Reference section below.
The CVE-2018-1000168 issue was discovered by The Nghttp2 Project.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 1 packages for Microsoft Windows and Oracle Solaris are now available.\n\nRed Hat Product Security has rated this release as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release adds the new Apache HTTP Server 2.4.29 Service Pack 1 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.29, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* db4: libdb: Reads DB_CONFIG from the current working directory (CVE-2017-10140)\n* httpd: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)\n* httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)\n* httpd: Out of bound access after failure in reading the HTTP request (CVE-2018-1301)\n* httpd: Use-after-free on HTTP/2 stream shutdown (CVE-2018-1302)\n* httpd: \u003cFilesMatch\u003e bypass with a trailing newline in the file name (CVE-2017-15715)\n* httpd: Out of bound write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)\n* httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause a denial of service (CVE-2018-1303)\n* httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283)\n* httpd: mod_http2: too much time allocated to workers, possibly leading to DoS (CVE-2018-1333)\n* mod_jk: connector path traversal due to mishandled HTTP requests in httpd (CVE-2018-11759)\n* nghttp2: Null pointer dereference when too large ALTSVC frame is received (CVE-2018-1000168)\n* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)\n\nDetails around this issue, including information about the CVE, severity of\nthe issue, and the CVSS score can be found on the CVE page listed in the\nReference section below.\n\nThe CVE-2018-1000168 issue was discovered by The Nghttp2 Project.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0366",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1464032",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464032"
},
{
"category": "external",
"summary": "1560395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560395"
},
{
"category": "external",
"summary": "1560399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560399"
},
{
"category": "external",
"summary": "1560599",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560599"
},
{
"category": "external",
"summary": "1560614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560614"
},
{
"category": "external",
"summary": "1560625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560625"
},
{
"category": "external",
"summary": "1560634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634"
},
{
"category": "external",
"summary": "1560643",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560643"
},
{
"category": "external",
"summary": "1561266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561266"
},
{
"category": "external",
"summary": "1565035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565035"
},
{
"category": "external",
"summary": "1605048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605048"
},
{
"category": "external",
"summary": "1633399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633399"
},
{
"category": "external",
"summary": "1645589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645589"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0366.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update",
"tracking": {
"current_release_date": "2025-08-04T12:06:59+00:00",
"generator": {
"date": "2025-08-04T12:06:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2019:0366",
"initial_release_date": "2019-02-18T16:55:17+00:00",
"revision_history": [
{
"date": "2019-02-18T16:55:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-02-18T16:55:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-04T12:06:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Text-Only JBCS",
"product": {
"name": "Text-Only JBCS",
"product_id": "Text-Only JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-10140",
"discovery_date": "2017-06-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1464032"
}
],
"notes": [
{
"category": "description",
"text": "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libdb: Reads DB_CONFIG from the current working directory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of libdb as shipped with Red Hat Satellite 6.0, 6.1 and 6.2. This package no longer ships with Satellite 6.3. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-10140"
},
{
"category": "external",
"summary": "RHBZ#1464032",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464032"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-10140",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10140"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-10140",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10140"
}
],
"release_date": "2017-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"category": "workaround",
"details": "Do not use an application using libdb if an untrusted user can create a DB_CONFIG file in its working directory.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libdb: Reads DB_CONFIG from the current working directory"
},
{
"cve": "CVE-2017-15710",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2018-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560599"
}
],
"notes": [
{
"category": "description",
"text": "In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user\u0027s credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-15710"
},
{
"category": "external",
"summary": "RHBZ#1560599",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560599"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-15710",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15710"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values"
},
{
"cve": "CVE-2017-15715",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2018-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560614"
}
],
"notes": [
{
"category": "description",
"text": "In Apache httpd 2.4.0 to 2.4.29, the expression specified in \u003cFilesMatch\u003e could match \u0027$\u0027 to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: \u003cFilesMatch\u003e bypass with a trailing newline in the file name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The \"FilesMatch\" directive is not enabled in the default httpd configuration as shipped with Red Hat Enterprise Linux, and needs to be explicitly enabled. Therefore this flaw has no impact on the default versions of the httpd package as shipped with Red Hat Enterprise Linux.\n\nRed Hat Satellite 6 uses Red Hat Enterprise Linux 7\u0027s httpd package, and enables the \"FilesMatch\" directive. However, this is not believed to have an impact on security, as, in the context of a Satellite, no one is expected to have the ability to modify file names in the concerned directories. This is not considered as a vector for attack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-15715"
},
{
"category": "external",
"summary": "RHBZ#1560614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-15715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15715"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: \u003cFilesMatch\u003e bypass with a trailing newline in the file name"
},
{
"cve": "CVE-2018-0739",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1561266"
}
],
"notes": [
{
"category": "description",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0739"
},
{
"category": "external",
"summary": "RHBZ#1561266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561266"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0739",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0739"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20180327.txt",
"url": "https://www.openssl.org/news/secadv/20180327.txt"
}
],
"release_date": "2018-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service"
},
{
"cve": "CVE-2018-1283",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560395"
}
],
"notes": [
{
"category": "description",
"text": "It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a \"Session\" header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include mod_session module.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1283"
},
{
"category": "external",
"summary": "RHBZ#1560395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1283"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications"
},
{
"cve": "CVE-2018-1301",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560643"
}
],
"notes": [
{
"category": "description",
"text": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Out of bounds access after failure in reading the HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1301"
},
{
"category": "external",
"summary": "RHBZ#1560643",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560643"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1301"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1301",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1301"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Out of bounds access after failure in reading the HTTP request"
},
{
"cve": "CVE-2018-1302",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2018-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560625"
}
],
"notes": [
{
"category": "description",
"text": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free on HTTP/2 stream shutdown",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1302"
},
{
"category": "external",
"summary": "RHBZ#1560625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1302"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1302",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1302"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Use-after-free on HTTP/2 stream shutdown"
},
{
"cve": "CVE-2018-1303",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560399"
}
],
"notes": [
{
"category": "description",
"text": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The versions of httpd package shipped with Red Hat Enterprise Linux are by default configured in prefork MPM mode, which means that this flaw can result in a crash of child process. The main web server process will not be killed. Also, though the module is loaded by default, it needs to be specifically enabled in order to be exposed to the security flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1303"
},
{
"category": "external",
"summary": "RHBZ#1560399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560399"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1303",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1303"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1303",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1303"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS"
},
{
"cve": "CVE-2018-1312",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2018-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560634"
}
],
"notes": [
{
"category": "description",
"text": "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Weak Digest auth nonce generation in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The \"AuthType Digest\" directive is not enabled in the default httpd configuration as shipped with Red Hat Enterprise Linux, and needs to be explicitly enabled. Therefore this flaw has no impact on the default versions of the httpd package as shipped with Red Hat Enterprise Linux. Also upstream discourages the use of mod_auth_digest because of its inherent security weaknesses and recommends the use of mod_ssl.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1312"
},
{
"category": "external",
"summary": "RHBZ#1560634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1312",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1312"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1312",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1312"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Weak Digest auth nonce generation in mod_auth_digest"
},
{
"cve": "CVE-2018-1333",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-07-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1605048"
}
],
"notes": [
{
"category": "description",
"text": "By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1333"
},
{
"category": "external",
"summary": "RHBZ#1605048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605048"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1333",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1333"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1333",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1333"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333"
}
],
"release_date": "2018-07-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS"
},
{
"cve": "CVE-2018-11759",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2018-10-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645589"
}
],
"notes": [
{
"category": "description",
"text": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_jk: connector path traversal due to mishandled HTTP requests in httpd",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-11759"
},
{
"category": "external",
"summary": "RHBZ#1645589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645589"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-11759",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11759"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11759",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11759"
}
],
"release_date": "2018-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mod_jk: connector path traversal due to mishandled HTTP requests in httpd"
},
{
"cve": "CVE-2018-11763",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-09-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1633399"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: DoS for HTTP/2 connections by continuous SETTINGS frames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-11763"
},
{
"category": "external",
"summary": "RHBZ#1633399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633399"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-11763",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11763"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11763",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11763"
}
],
"release_date": "2018-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: DoS for HTTP/2 connections by continuous SETTINGS frames"
},
{
"acknowledgments": [
{
"names": [
"the Nghttp2 project"
]
}
],
"cve": "CVE-2018-1000168",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-04-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1565035"
}
],
"notes": [
{
"category": "description",
"text": "nghttp2 version \u003e= 1.10.0 and nghttp2 \u003c= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in \u003e= 1.31.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: Null pointer dereference when too large ALTSVC frame is received",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000168"
},
{
"category": "external",
"summary": "RHBZ#1565035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565035"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000168",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000168"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
}
],
"release_date": "2018-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:55:17+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nghttp2: Null pointer dereference when too large ALTSVC frame is received"
}
]
}
rhsa-2019:0367
Vulnerability from csaf_redhat
Published
2019-02-18 16:58
Modified
2025-08-04 12:06
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
Notes
Topic
An update is now available for JBoss Core Services on RHEL 6 and RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 1 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section.
Security Fixes:
* httpd: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)
* httpd: Weak Digest auth nonce generation in mod_auth_digest
(CVE-2018-1312)
* httpd: Out of bound access after failure in reading the HTTP request
(CVE-2018-1301)
* httpd: Use-after-free on HTTP/2 stream shutdown (CVE-2018-1302)
* httpd: <FilesMatch> bypass with a trailing newline in the file name
(CVE-2017-15715)
* httpd: Out of bound write in mod_authnz_ldap when using too small
Accept-Language values (CVE-2017-15710)
* httpd: Out of bounds read in mod_cache_socache can allow a remote
attacker to cause a denial of service (CVE-2018-1303)
* httpd: Improper handling of headers in mod_session can allow a remote
user to modify session data for CGI applications (CVE-2018-1283)
* httpd: mod_http2: too much time allocated to workers, possibly leading to
DoS (CVE-2018-1333)
* mod_jk: connector path traversal due to mishandled HTTP requests in httpd
(CVE-2018-11759)
* nghttp2: Null pointer dereference when too large ALTSVC frame is received
(CVE-2018-1000168)
* openssl: Handling of crafted recursive ASN.1 structures can cause a stack
overflow and resulting denial of service (CVE-2018-0739)
Details around each issue, including information about the CVE, severity of
the issue, and the CVSS score, can be found on the CVE pages listed in the
Reference section below.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for JBoss Core Services on RHEL 6 and RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 1 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section.\n\nSecurity Fixes:\n\n* httpd: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)\n\n* httpd: Weak Digest auth nonce generation in mod_auth_digest\n(CVE-2018-1312)\n\n* httpd: Out of bound access after failure in reading the HTTP request\n(CVE-2018-1301)\n\n* httpd: Use-after-free on HTTP/2 stream shutdown (CVE-2018-1302)\n\n* httpd: \u003cFilesMatch\u003e bypass with a trailing newline in the file name\n(CVE-2017-15715)\n\n* httpd: Out of bound write in mod_authnz_ldap when using too small\nAccept-Language values (CVE-2017-15710)\n\n* httpd: Out of bounds read in mod_cache_socache can allow a remote\nattacker to cause a denial of service (CVE-2018-1303)\n\n* httpd: Improper handling of headers in mod_session can allow a remote\nuser to modify session data for CGI applications (CVE-2018-1283)\n\n* httpd: mod_http2: too much time allocated to workers, possibly leading to\nDoS (CVE-2018-1333)\n\n* mod_jk: connector path traversal due to mishandled HTTP requests in httpd\n(CVE-2018-11759)\n\n* nghttp2: Null pointer dereference when too large ALTSVC frame is received\n(CVE-2018-1000168)\n\n* openssl: Handling of crafted recursive ASN.1 structures can cause a stack\noverflow and resulting denial of service (CVE-2018-0739)\n\nDetails around each issue, including information about the CVE, severity of\nthe issue, and the CVSS score, can be found on the CVE pages listed in the\nReference section below.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0367",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1560395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560395"
},
{
"category": "external",
"summary": "1560399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560399"
},
{
"category": "external",
"summary": "1560599",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560599"
},
{
"category": "external",
"summary": "1560614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560614"
},
{
"category": "external",
"summary": "1560625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560625"
},
{
"category": "external",
"summary": "1560634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634"
},
{
"category": "external",
"summary": "1560643",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560643"
},
{
"category": "external",
"summary": "1561266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561266"
},
{
"category": "external",
"summary": "1565035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565035"
},
{
"category": "external",
"summary": "1605048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605048"
},
{
"category": "external",
"summary": "1633399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633399"
},
{
"category": "external",
"summary": "1645589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645589"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0367.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update",
"tracking": {
"current_release_date": "2025-08-04T12:06:50+00:00",
"generator": {
"date": "2025-08-04T12:06:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2019:0367",
"initial_release_date": "2019-02-18T16:58:59+00:00",
"revision_history": [
{
"date": "2019-02-18T16:58:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-02-18T16:58:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-04T12:06:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-0:1-6.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-0:1-6.jbcs.el6.src",
"product_id": "jbcs-httpd24-0:1-6.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"product_id": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"product_id": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-14.jbcs.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-3.redhat_2.jbcs.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-1.redhat_1.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"product_id": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-0:1-6.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-0:1-6.jbcs.el7.src",
"product_id": "jbcs-httpd24-0:1-6.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"product_id": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"product_id": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-14.jbcs.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-3.redhat_2.jbcs.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"product_id": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk@1.2.46-1.redhat_1.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"product_id": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"product": {
"name": "jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"product_id": "jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"product": {
"name": "jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"product_id": "jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-runtime@1-6.jbcs.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.29-35.jbcs.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch",
"product": {
"name": "jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch",
"product_id": "jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-runtime@1-6.jbcs.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"product": {
"name": "jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"product_id": "jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24@1-6.jbcs.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"product": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"product_id": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-manual@2.4.29-35.jbcs.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-9.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-9.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-14.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-3.redhat_2.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-3.redhat_2.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-35.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-35.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-35.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-35.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-35.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-35.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-35.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-35.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-1.redhat_1.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-1.redhat_1.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-1.redhat_1.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-3.Final_redhat_2.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-31.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-31.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-24.jbcs.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-9.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-9.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-14.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-3.redhat_2.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-3.redhat_2.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-35.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-35.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-35.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-35.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-35.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-35.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-35.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-35.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-1.redhat_1.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-1.redhat_1.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-1.redhat_1.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-3.Final_redhat_2.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-31.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-31.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-24.jbcs.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"product_id": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-debuginfo@1.29.0-9.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"product_id": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2-devel@1.29.0-9.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"product_id": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.29.0-9.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-static@1.0.2n-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-debuginfo@1.0.2n-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-devel@1.0.2n-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl@1.0.2n-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-perl@1.0.2n-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"product_id": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-openssl-libs@1.0.2n-14.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.1.0-3.redhat_2.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.1.0-3.redhat_2.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ssl@2.4.29-35.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd@2.4.29-35.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_proxy_html@2.4.29-35.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-debuginfo@2.4.29-35.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-devel@2.4.29-35.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-tools@2.4.29-35.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-httpd-selinux@2.4.29-35.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_session@2.4.29-35.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_ldap@2.4.29-35.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-manual@1.2.46-1.redhat_1.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-ap24@1.2.46-1.redhat_1.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_jk-debuginfo@1.2.46-1.redhat_1.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native-debuginfo@1.3.8-3.Final_redhat_2.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-mod_cluster-native@1.3.8-3.Final_redhat_2.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr@1.6.3-31.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-debuginfo@1.6.3-31.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-devel@1.6.3-31.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-pgsql@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-odbc@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-debuginfo@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-mysql@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-ldap@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-nss@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-openssl@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-sqlite@1.6.1-24.jbcs.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apr-util-devel@1.6.1-24.jbcs.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-0:1-6.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch"
},
"product_reference": "jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-0:1-6.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-0:1-6.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64 as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch as a component of Red Hat JBoss Core Services on RHEL 6 Server",
"product_id": "6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch"
},
"product_reference": "jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-0:1-6.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch"
},
"product_reference": "jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-0:1-6.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-0:1-6.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch"
},
"product_reference": "jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64 as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JBCS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch as a component of Red Hat JBoss Core Services on RHEL 7 Server",
"product_id": "7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
},
"product_reference": "jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-JBCS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-15710",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2018-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560599"
}
],
"notes": [
{
"category": "description",
"text": "In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user\u0027s credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-15710"
},
{
"category": "external",
"summary": "RHBZ#1560599",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560599"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-15710",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15710"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15710",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15710"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values"
},
{
"cve": "CVE-2017-15715",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2018-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560614"
}
],
"notes": [
{
"category": "description",
"text": "In Apache httpd 2.4.0 to 2.4.29, the expression specified in \u003cFilesMatch\u003e could match \u0027$\u0027 to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: \u003cFilesMatch\u003e bypass with a trailing newline in the file name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The \"FilesMatch\" directive is not enabled in the default httpd configuration as shipped with Red Hat Enterprise Linux, and needs to be explicitly enabled. Therefore this flaw has no impact on the default versions of the httpd package as shipped with Red Hat Enterprise Linux.\n\nRed Hat Satellite 6 uses Red Hat Enterprise Linux 7\u0027s httpd package, and enables the \"FilesMatch\" directive. However, this is not believed to have an impact on security, as, in the context of a Satellite, no one is expected to have the ability to modify file names in the concerned directories. This is not considered as a vector for attack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-15715"
},
{
"category": "external",
"summary": "RHBZ#1560614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-15715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15715"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15715",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15715"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: \u003cFilesMatch\u003e bypass with a trailing newline in the file name"
},
{
"cve": "CVE-2018-0739",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1561266"
}
],
"notes": [
{
"category": "description",
"text": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0739"
},
{
"category": "external",
"summary": "RHBZ#1561266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561266"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0739",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0739"
},
{
"category": "external",
"summary": "https://www.openssl.org/news/secadv/20180327.txt",
"url": "https://www.openssl.org/news/secadv/20180327.txt"
}
],
"release_date": "2018-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service"
},
{
"cve": "CVE-2018-1283",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560395"
}
],
"notes": [
{
"category": "description",
"text": "It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a \"Session\" header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include mod_session module.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1283"
},
{
"category": "external",
"summary": "RHBZ#1560395",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560395"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1283"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications"
},
{
"cve": "CVE-2018-1301",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560643"
}
],
"notes": [
{
"category": "description",
"text": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Out of bounds access after failure in reading the HTTP request",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1301"
},
{
"category": "external",
"summary": "RHBZ#1560643",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560643"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1301"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1301",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1301"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Out of bounds access after failure in reading the HTTP request"
},
{
"cve": "CVE-2018-1302",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2018-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560625"
}
],
"notes": [
{
"category": "description",
"text": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Use-after-free on HTTP/2 stream shutdown",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1302"
},
{
"category": "external",
"summary": "RHBZ#1560625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560625"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1302"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1302",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1302"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Use-after-free on HTTP/2 stream shutdown"
},
{
"cve": "CVE-2018-1303",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560399"
}
],
"notes": [
{
"category": "description",
"text": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The versions of httpd package shipped with Red Hat Enterprise Linux are by default configured in prefork MPM mode, which means that this flaw can result in a crash of child process. The main web server process will not be killed. Also, though the module is loaded by default, it needs to be specifically enabled in order to be exposed to the security flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1303"
},
{
"category": "external",
"summary": "RHBZ#1560399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560399"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1303",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1303"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1303",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1303"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS"
},
{
"cve": "CVE-2018-1312",
"cwe": {
"id": "CWE-305",
"name": "Authentication Bypass by Primary Weakness"
},
"discovery_date": "2018-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560634"
}
],
"notes": [
{
"category": "description",
"text": "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Weak Digest auth nonce generation in mod_auth_digest",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The \"AuthType Digest\" directive is not enabled in the default httpd configuration as shipped with Red Hat Enterprise Linux, and needs to be explicitly enabled. Therefore this flaw has no impact on the default versions of the httpd package as shipped with Red Hat Enterprise Linux. Also upstream discourages the use of mod_auth_digest because of its inherent security weaknesses and recommends the use of mod_ssl.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1312"
},
{
"category": "external",
"summary": "RHBZ#1560634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1312",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1312"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1312",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1312"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: Weak Digest auth nonce generation in mod_auth_digest"
},
{
"cve": "CVE-2018-1333",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-07-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1605048"
}
],
"notes": [
{
"category": "description",
"text": "By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1333"
},
{
"category": "external",
"summary": "RHBZ#1605048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605048"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1333",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1333"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1333",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1333"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333"
}
],
"release_date": "2018-07-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS"
},
{
"cve": "CVE-2018-11759",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2018-10-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1645589"
}
],
"notes": [
{
"category": "description",
"text": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_jk: connector path traversal due to mishandled HTTP requests in httpd",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-11759"
},
{
"category": "external",
"summary": "RHBZ#1645589",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645589"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-11759",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11759"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11759",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11759"
}
],
"release_date": "2018-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mod_jk: connector path traversal due to mishandled HTTP requests in httpd"
},
{
"cve": "CVE-2018-11763",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-09-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1633399"
}
],
"notes": [
{
"category": "description",
"text": "In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: DoS for HTTP/2 connections by continuous SETTINGS frames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-11763"
},
{
"category": "external",
"summary": "RHBZ#1633399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633399"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-11763",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11763"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11763",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11763"
}
],
"release_date": "2018-09-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: DoS for HTTP/2 connections by continuous SETTINGS frames"
},
{
"acknowledgments": [
{
"names": [
"the Nghttp2 project"
]
}
],
"cve": "CVE-2018-1000168",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-04-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1565035"
}
],
"notes": [
{
"category": "description",
"text": "nghttp2 version \u003e= 1.10.0 and nghttp2 \u003c= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in \u003e= 1.31.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nghttp2: Null pointer dereference when too large ALTSVC frame is received",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000168"
},
{
"category": "external",
"summary": "RHBZ#1565035",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565035"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000168",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000168"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
}
],
"release_date": "2018-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-02-18T16:58:59+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el6.noarch",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.src",
"6Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.i686",
"6Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el6.x86_64",
"6Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el6.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-0:1-6.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.1.0-3.redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-debuginfo-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-devel-0:1.6.3-31.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-apr-util-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-debuginfo-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-devel-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-ldap-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-mysql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-nss-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-odbc-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-openssl-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-pgsql-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-apr-util-sqlite-0:1.6.1-24.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-httpd-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-debuginfo-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-devel-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-manual-0:2.4.29-35.jbcs.el7.noarch",
"7Server-JBCS:jbcs-httpd24-httpd-selinux-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-httpd-tools-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.8-3.Final_redhat_2.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-0:1.2.46-1.redhat_1.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-mod_jk-ap24-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-debuginfo-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_jk-manual-0:1.2.46-1.redhat_1.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ldap-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_proxy_html-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_session-0:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-mod_ssl-1:2.4.29-35.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-nghttp2-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-debuginfo-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-nghttp2-devel-0:1.29.0-9.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.src",
"7Server-JBCS:jbcs-httpd24-openssl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-debuginfo-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-devel-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-libs-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-perl-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-openssl-static-1:1.0.2n-14.jbcs.el7.x86_64",
"7Server-JBCS:jbcs-httpd24-runtime-0:1-6.jbcs.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nghttp2: Null pointer dereference when too large ALTSVC frame is received"
}
]
}
fkie_cve-2018-1302
Vulnerability from fkie_nvd
Published
2018-03-26 15:29
Modified
2024-11-21 03:59
Severity ?
Summary
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2018/03/24/5 | Mailing List, Third Party Advisory | |
| security@apache.org | http://www.securityfocus.com/bid/103528 | Third Party Advisory, VDB Entry | |
| security@apache.org | http://www.securitytracker.com/id/1040567 | Third Party Advisory, VDB Entry | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2019:0366 | Third Party Advisory | |
| security@apache.org | https://access.redhat.com/errata/RHSA-2019:0367 | Third Party Advisory | |
| security@apache.org | https://httpd.apache.org/security/vulnerabilities_24.html | Vendor Advisory | |
| security@apache.org | https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E | ||
| security@apache.org | https://security.netapp.com/advisory/ntap-20180601-0004/ | Third Party Advisory | |
| security@apache.org | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us | Third Party Advisory | |
| security@apache.org | https://usn.ubuntu.com/3783-1/ | Third Party Advisory | |
| security@apache.org | https://www.tenable.com/security/tns-2019-09 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2018/03/24/5 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103528 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040567 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0366 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0367 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://httpd.apache.org/security/vulnerabilities_24.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20180601-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3783-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2019-09 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | http_server | * | |
| canonical | ubuntu_linux | 18.04 | |
| netapp | clustered_data_ontap | - | |
| netapp | santricity_cloud_connector | - | |
| netapp | storage_automation_store | - | |
| netapp | storagegrid | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "141CBF55-E282-4A6B-9A97-48941A85B723",
"versionEndIncluding": "2.4.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk."
},
{
"lang": "es",
"value": "Cuando un flujo de datos o stream HTTP/2 se destruye despu\u00e9s de haber sido manipulado, el servidor Apache HTTP en versiones anteriores a la 2.4.30 podr\u00eda escribir un puntero NULL en una memoria ya liberada. Los bloques de memoria mantenidos por el servidor hacen que sea dif\u00edcil que esta vulnerabilidad tenga lugar en configuraciones normales, el informador y el equipo no pod\u00edan reproducirla fuera de builds de depuraci\u00f3n, por lo que se clasifica como de riesgo bajo."
}
],
"id": "CVE-2018-1302",
"lastModified": "2024-11-21T03:59:34.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-26T15:29:00.477",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2018/03/24/5"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103528"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040567"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180601-0004/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3783-1/"
},
{
"source": "security@apache.org",
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2018/03/24/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180601-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3783-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/security/tns-2019-09"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
suse-su-2018:1161-2
Vulnerability from csaf_suse
Published
2018-10-18 12:42
Modified
2018-10-18 12:42
Summary
Security update for apache2
Notes
Title of the patch
Security update for apache2
Description of the patch
This update for apache2 fixes the following issues:
* CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications
(SessionEnv on, not the default), a remote user may influence their content by
using a \'Session\' header leading to unexpected behavior [bsc#1086814].
* CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header,
a specially crafted request could lead to remote denial of service. [bsc#1086817]
* CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read
while preparing data to be cached in shared memory.[bsc#1086813]
* CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename,
rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774]
* CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent
reply attacks was not correctly generated using a pseudo-random seed.
In a cluster of servers using a common Digest authentication configuration,
HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775]
* CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,
uses the Accept-Language header value to lookup the right charset encoding when verifying the
user's credentials. If the header value is not present in the charset conversion table,
a fallback mechanism is used to truncate it to a two characters value to allow a quick retry
(for example, 'en-US' is truncated to 'en').
A header value of less than two characters forces an out of bound write of one NUL byte to a
memory location that is not part of the string. In the worst case, quite unlikely, the process
would crash which could be used as a Denial of Service attack. In the more likely case, this memory
is already reserved for future use and the issue has no effect at all. [bsc#1086820]
* CVE-2018-1302: when an HTTP/2 stream was destroyed after being handled, it
could have written a NULL pointer potentially to an already freed memory.
The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations,
the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.
[bsc#1086820]
Patchnames
SUSE-SLE-SERVER-12-SP2-BCL-2018-803
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following issues:\n\n * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications \n (SessionEnv on, not the default), a remote user may influence their content by \n using a \\\u0027Session\\\u0027 header leading to unexpected behavior [bsc#1086814].\n\n * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, \n a specially crafted request could lead to remote denial of service. [bsc#1086817]\n \n * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read \n while preparing data to be cached in shared memory.[bsc#1086813]\n \n * CVE-2017-15715: a regular expression could match \u0027$\u0027 to a newline character in a malicious filename, \n rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774]\n \n * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent \n reply attacks was not correctly generated using a pseudo-random seed. \n In a cluster of servers using a common Digest authentication configuration, \n HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775]\n \n * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, \n uses the Accept-Language header value to lookup the right charset encoding when verifying the \n user\u0027s credentials. If the header value is not present in the charset conversion table, \n a fallback mechanism is used to truncate it to a two characters value to allow a quick retry \n (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). \n A header value of less than two characters forces an out of bound write of one NUL byte to a \n memory location that is not part of the string. In the worst case, quite unlikely, the process \n would crash which could be used as a Denial of Service attack. In the more likely case, this memory \n is already reserved for future use and the issue has no effect at all. [bsc#1086820]\n \n * CVE-2018-1302: when an HTTP/2 stream was destroyed after being handled, it \n could have written a NULL pointer potentially to an already freed memory. \n The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, \n the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. \n [bsc#1086820]\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-SP2-BCL-2018-803",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1161-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1161-2",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181161-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1161-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004700.html"
},
{
"category": "self",
"summary": "SUSE Bug 1086774",
"url": "https://bugzilla.suse.com/1086774"
},
{
"category": "self",
"summary": "SUSE Bug 1086775",
"url": "https://bugzilla.suse.com/1086775"
},
{
"category": "self",
"summary": "SUSE Bug 1086813",
"url": "https://bugzilla.suse.com/1086813"
},
{
"category": "self",
"summary": "SUSE Bug 1086814",
"url": "https://bugzilla.suse.com/1086814"
},
{
"category": "self",
"summary": "SUSE Bug 1086817",
"url": "https://bugzilla.suse.com/1086817"
},
{
"category": "self",
"summary": "SUSE Bug 1086820",
"url": "https://bugzilla.suse.com/1086820"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15710 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15715 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1283 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1301 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1302 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1303 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1312 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1312/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2018-10-18T12:42:54Z",
"generator": {
"date": "2018-10-18T12:42:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1161-2",
"initial_release_date": "2018-10-18T12:42:54Z",
"revision_history": [
{
"date": "2018-10-18T12:42:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.23-29.18.2.noarch",
"product": {
"name": "apache2-doc-2.4.23-29.18.2.noarch",
"product_id": "apache2-doc-2.4.23-29.18.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-2.4.23-29.18.2.x86_64",
"product_id": "apache2-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"product_id": "apache2-example-pages-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-prefork-2.4.23-29.18.2.x86_64",
"product_id": "apache2-prefork-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-utils-2.4.23-29.18.2.x86_64",
"product_id": "apache2-utils-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-worker-2.4.23-29.18.2.x86_64",
"product_id": "apache2-worker-2.4.23-29.18.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.18.2.noarch as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.18.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-15710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15710"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user\u0027s credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15710",
"url": "https://www.suse.com/security/cve/CVE-2017-15710"
},
{
"category": "external",
"summary": "SUSE Bug 1086776 for CVE-2017-15710",
"url": "https://bugzilla.suse.com/1086776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:42:54Z",
"details": "moderate"
}
],
"title": "CVE-2017-15710"
},
{
"cve": "CVE-2017-15715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15715"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.4.0 to 2.4.29, the expression specified in \u003cFilesMatch\u003e could match \u0027$\u0027 to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15715",
"url": "https://www.suse.com/security/cve/CVE-2017-15715"
},
{
"category": "external",
"summary": "SUSE Bug 1086774 for CVE-2017-15715",
"url": "https://bugzilla.suse.com/1086774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:42:54Z",
"details": "moderate"
}
],
"title": "CVE-2017-15715"
},
{
"cve": "CVE-2018-1283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1283"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1283",
"url": "https://www.suse.com/security/cve/CVE-2018-1283"
},
{
"category": "external",
"summary": "SUSE Bug 1086814 for CVE-2018-1283",
"url": "https://bugzilla.suse.com/1086814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:42:54Z",
"details": "important"
}
],
"title": "CVE-2018-1283"
},
{
"cve": "CVE-2018-1301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1301"
}
],
"notes": [
{
"category": "general",
"text": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1301",
"url": "https://www.suse.com/security/cve/CVE-2018-1301"
},
{
"category": "external",
"summary": "SUSE Bug 1086817 for CVE-2018-1301",
"url": "https://bugzilla.suse.com/1086817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:42:54Z",
"details": "important"
}
],
"title": "CVE-2018-1301"
},
{
"cve": "CVE-2018-1302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1302"
}
],
"notes": [
{
"category": "general",
"text": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1302",
"url": "https://www.suse.com/security/cve/CVE-2018-1302"
},
{
"category": "external",
"summary": "SUSE Bug 1086820 for CVE-2018-1302",
"url": "https://bugzilla.suse.com/1086820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:42:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-1302"
},
{
"cve": "CVE-2018-1303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1303"
}
],
"notes": [
{
"category": "general",
"text": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1303",
"url": "https://www.suse.com/security/cve/CVE-2018-1303"
},
{
"category": "external",
"summary": "SUSE Bug 1086813 for CVE-2018-1303",
"url": "https://bugzilla.suse.com/1086813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:42:54Z",
"details": "important"
}
],
"title": "CVE-2018-1303"
},
{
"cve": "CVE-2018-1312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1312"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1312",
"url": "https://www.suse.com/security/cve/CVE-2018-1312"
},
{
"category": "external",
"summary": "SUSE Bug 1086775 for CVE-2018-1312",
"url": "https://bugzilla.suse.com/1086775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-10-18T12:42:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-1312"
}
]
}
suse-su-2018:1161-1
Vulnerability from csaf_suse
Published
2018-05-07 12:56
Modified
2018-05-07 12:56
Summary
Security update for apache2
Notes
Title of the patch
Security update for apache2
Description of the patch
This update for apache2 fixes the following issues:
* CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications
(SessionEnv on, not the default), a remote user may influence their content by
using a \'Session\' header leading to unexpected behavior [bsc#1086814].
* CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header,
a specially crafted request could lead to remote denial of service. [bsc#1086817]
* CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read
while preparing data to be cached in shared memory.[bsc#1086813]
* CVE-2017-15715: a regular expression could match '$' to a newline character in a malicious filename,
rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774]
* CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent
reply attacks was not correctly generated using a pseudo-random seed.
In a cluster of servers using a common Digest authentication configuration,
HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775]
* CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,
uses the Accept-Language header value to lookup the right charset encoding when verifying the
user's credentials. If the header value is not present in the charset conversion table,
a fallback mechanism is used to truncate it to a two characters value to allow a quick retry
(for example, 'en-US' is truncated to 'en').
A header value of less than two characters forces an out of bound write of one NUL byte to a
memory location that is not part of the string. In the worst case, quite unlikely, the process
would crash which could be used as a Denial of Service attack. In the more likely case, this memory
is already reserved for future use and the issue has no effect at all. [bsc#1086820]
* CVE-2018-1302: when an HTTP/2 stream was destroyed after being handled, it
could have written a NULL pointer potentially to an already freed memory.
The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations,
the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.
[bsc#1086820]
Patchnames
SUSE-OpenStack-Cloud-7-2018-803,SUSE-SLE-SAP-12-SP2-2018-803,SUSE-SLE-SDK-12-SP3-2018-803,SUSE-SLE-SERVER-12-SP2-2018-803,SUSE-SLE-SERVER-12-SP3-2018-803
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache2 fixes the following issues:\n\n * CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications \n (SessionEnv on, not the default), a remote user may influence their content by \n using a \\\u0027Session\\\u0027 header leading to unexpected behavior [bsc#1086814].\n\n * CVE-2018-1301: due to an out of bound access after a size limit being reached by reading the HTTP header, \n a specially crafted request could lead to remote denial of service. [bsc#1086817]\n \n * CVE-2018-1303: a specially crafted HTTP request header could lead to crash due to an out of bound read \n while preparing data to be cached in shared memory.[bsc#1086813]\n \n * CVE-2017-15715: a regular expression could match \u0027$\u0027 to a newline character in a malicious filename, \n rather than matching only the end of the filename. leading to corruption of uploaded files.[bsc#1086774]\n \n * CVE-2018-1312: when generating an HTTP Digest authentication challenge, the nonce sent to prevent \n reply attacks was not correctly generated using a pseudo-random seed. \n In a cluster of servers using a common Digest authentication configuration, \n HTTP requests could be replayed across servers by an attacker without detection. [bsc#1086775]\n \n * CVE-2017-15710: mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, \n uses the Accept-Language header value to lookup the right charset encoding when verifying the \n user\u0027s credentials. If the header value is not present in the charset conversion table, \n a fallback mechanism is used to truncate it to a two characters value to allow a quick retry \n (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). \n A header value of less than two characters forces an out of bound write of one NUL byte to a \n memory location that is not part of the string. In the worst case, quite unlikely, the process \n would crash which could be used as a Denial of Service attack. In the more likely case, this memory \n is already reserved for future use and the issue has no effect at all. [bsc#1086820]\n \n * CVE-2018-1302: when an HTTP/2 stream was destroyed after being handled, it \n could have written a NULL pointer potentially to an already freed memory. \n The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, \n the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk. \n [bsc#1086820]\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-7-2018-803,SUSE-SLE-SAP-12-SP2-2018-803,SUSE-SLE-SDK-12-SP3-2018-803,SUSE-SLE-SERVER-12-SP2-2018-803,SUSE-SLE-SERVER-12-SP3-2018-803",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1161-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1161-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181161-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1161-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/003974.html"
},
{
"category": "self",
"summary": "SUSE Bug 1086774",
"url": "https://bugzilla.suse.com/1086774"
},
{
"category": "self",
"summary": "SUSE Bug 1086775",
"url": "https://bugzilla.suse.com/1086775"
},
{
"category": "self",
"summary": "SUSE Bug 1086813",
"url": "https://bugzilla.suse.com/1086813"
},
{
"category": "self",
"summary": "SUSE Bug 1086814",
"url": "https://bugzilla.suse.com/1086814"
},
{
"category": "self",
"summary": "SUSE Bug 1086817",
"url": "https://bugzilla.suse.com/1086817"
},
{
"category": "self",
"summary": "SUSE Bug 1086820",
"url": "https://bugzilla.suse.com/1086820"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15710 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15715 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1283 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1301 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1302 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1303 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1303/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1312 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1312/"
}
],
"title": "Security update for apache2",
"tracking": {
"current_release_date": "2018-05-07T12:56:41Z",
"generator": {
"date": "2018-05-07T12:56:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1161-1",
"initial_release_date": "2018-05-07T12:56:41Z",
"revision_history": [
{
"date": "2018-05-07T12:56:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.18.2.aarch64",
"product": {
"name": "apache2-devel-2.4.23-29.18.2.aarch64",
"product_id": "apache2-devel-2.4.23-29.18.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-2.4.23-29.18.2.aarch64",
"product": {
"name": "apache2-2.4.23-29.18.2.aarch64",
"product_id": "apache2-2.4.23-29.18.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.18.2.aarch64",
"product": {
"name": "apache2-example-pages-2.4.23-29.18.2.aarch64",
"product_id": "apache2-example-pages-2.4.23-29.18.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.18.2.aarch64",
"product": {
"name": "apache2-prefork-2.4.23-29.18.2.aarch64",
"product_id": "apache2-prefork-2.4.23-29.18.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.18.2.aarch64",
"product": {
"name": "apache2-utils-2.4.23-29.18.2.aarch64",
"product_id": "apache2-utils-2.4.23-29.18.2.aarch64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.18.2.aarch64",
"product": {
"name": "apache2-worker-2.4.23-29.18.2.aarch64",
"product_id": "apache2-worker-2.4.23-29.18.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-doc-2.4.23-29.18.2.noarch",
"product": {
"name": "apache2-doc-2.4.23-29.18.2.noarch",
"product_id": "apache2-doc-2.4.23-29.18.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.23-29.18.2.ppc64le",
"product": {
"name": "apache2-2.4.23-29.18.2.ppc64le",
"product_id": "apache2-2.4.23-29.18.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.18.2.ppc64le",
"product": {
"name": "apache2-example-pages-2.4.23-29.18.2.ppc64le",
"product_id": "apache2-example-pages-2.4.23-29.18.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.18.2.ppc64le",
"product": {
"name": "apache2-prefork-2.4.23-29.18.2.ppc64le",
"product_id": "apache2-prefork-2.4.23-29.18.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.18.2.ppc64le",
"product": {
"name": "apache2-utils-2.4.23-29.18.2.ppc64le",
"product_id": "apache2-utils-2.4.23-29.18.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.18.2.ppc64le",
"product": {
"name": "apache2-worker-2.4.23-29.18.2.ppc64le",
"product_id": "apache2-worker-2.4.23-29.18.2.ppc64le"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.18.2.ppc64le",
"product": {
"name": "apache2-devel-2.4.23-29.18.2.ppc64le",
"product_id": "apache2-devel-2.4.23-29.18.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.18.2.s390x",
"product": {
"name": "apache2-devel-2.4.23-29.18.2.s390x",
"product_id": "apache2-devel-2.4.23-29.18.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-2.4.23-29.18.2.s390x",
"product": {
"name": "apache2-2.4.23-29.18.2.s390x",
"product_id": "apache2-2.4.23-29.18.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.18.2.s390x",
"product": {
"name": "apache2-example-pages-2.4.23-29.18.2.s390x",
"product_id": "apache2-example-pages-2.4.23-29.18.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.18.2.s390x",
"product": {
"name": "apache2-prefork-2.4.23-29.18.2.s390x",
"product_id": "apache2-prefork-2.4.23-29.18.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.18.2.s390x",
"product": {
"name": "apache2-utils-2.4.23-29.18.2.s390x",
"product_id": "apache2-utils-2.4.23-29.18.2.s390x"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.18.2.s390x",
"product": {
"name": "apache2-worker-2.4.23-29.18.2.s390x",
"product_id": "apache2-worker-2.4.23-29.18.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache2-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-2.4.23-29.18.2.x86_64",
"product_id": "apache2-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"product_id": "apache2-example-pages-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-prefork-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-prefork-2.4.23-29.18.2.x86_64",
"product_id": "apache2-prefork-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-utils-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-utils-2.4.23-29.18.2.x86_64",
"product_id": "apache2-utils-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-worker-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-worker-2.4.23-29.18.2.x86_64",
"product_id": "apache2-worker-2.4.23-29.18.2.x86_64"
}
},
{
"category": "product_version",
"name": "apache2-devel-2.4.23-29.18.2.x86_64",
"product": {
"name": "apache2-devel-2.4.23-29.18.2.x86_64",
"product_id": "apache2-devel-2.4.23-29.18.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.18.2.noarch as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.18.2.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.18.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.18.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-devel-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-devel-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-devel-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-devel-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-devel-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.18.2.noarch as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.18.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.18.2.noarch as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.18.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-doc-2.4.23-29.18.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch"
},
"product_reference": "apache2-doc-2.4.23-29.18.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-example-pages-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-example-pages-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-prefork-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-prefork-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-utils-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-utils-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache2-worker-2.4.23-29.18.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64"
},
"product_reference": "apache2-worker-2.4.23-29.18.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-15710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15710"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user\u0027s credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, \u0027en-US\u0027 is truncated to \u0027en\u0027). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15710",
"url": "https://www.suse.com/security/cve/CVE-2017-15710"
},
{
"category": "external",
"summary": "SUSE Bug 1086776 for CVE-2017-15710",
"url": "https://bugzilla.suse.com/1086776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-07T12:56:41Z",
"details": "moderate"
}
],
"title": "CVE-2017-15710"
},
{
"cve": "CVE-2017-15715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15715"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.4.0 to 2.4.29, the expression specified in \u003cFilesMatch\u003e could match \u0027$\u0027 to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15715",
"url": "https://www.suse.com/security/cve/CVE-2017-15715"
},
{
"category": "external",
"summary": "SUSE Bug 1086774 for CVE-2017-15715",
"url": "https://bugzilla.suse.com/1086774"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-07T12:56:41Z",
"details": "moderate"
}
],
"title": "CVE-2017-15715"
},
{
"cve": "CVE-2018-1283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1283"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1283",
"url": "https://www.suse.com/security/cve/CVE-2018-1283"
},
{
"category": "external",
"summary": "SUSE Bug 1086814 for CVE-2018-1283",
"url": "https://bugzilla.suse.com/1086814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-07T12:56:41Z",
"details": "important"
}
],
"title": "CVE-2018-1283"
},
{
"cve": "CVE-2018-1301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1301"
}
],
"notes": [
{
"category": "general",
"text": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1301",
"url": "https://www.suse.com/security/cve/CVE-2018-1301"
},
{
"category": "external",
"summary": "SUSE Bug 1086817 for CVE-2018-1301",
"url": "https://bugzilla.suse.com/1086817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-07T12:56:41Z",
"details": "important"
}
],
"title": "CVE-2018-1301"
},
{
"cve": "CVE-2018-1302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1302"
}
],
"notes": [
{
"category": "general",
"text": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1302",
"url": "https://www.suse.com/security/cve/CVE-2018-1302"
},
{
"category": "external",
"summary": "SUSE Bug 1086820 for CVE-2018-1302",
"url": "https://bugzilla.suse.com/1086820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-07T12:56:41Z",
"details": "moderate"
}
],
"title": "CVE-2018-1302"
},
{
"cve": "CVE-2018-1303",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1303"
}
],
"notes": [
{
"category": "general",
"text": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1303",
"url": "https://www.suse.com/security/cve/CVE-2018-1303"
},
{
"category": "external",
"summary": "SUSE Bug 1086813 for CVE-2018-1303",
"url": "https://bugzilla.suse.com/1086813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-07T12:56:41Z",
"details": "important"
}
],
"title": "CVE-2018-1303"
},
{
"cve": "CVE-2018-1312",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1312"
}
],
"notes": [
{
"category": "general",
"text": "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1312",
"url": "https://www.suse.com/security/cve/CVE-2018-1312"
},
{
"category": "external",
"summary": "SUSE Bug 1086775 for CVE-2018-1312",
"url": "https://bugzilla.suse.com/1086775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:apache2-worker-2.4.23-29.18.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:apache2-devel-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-doc-2.4.23-29.18.2.noarch",
"SUSE OpenStack Cloud 7:apache2-example-pages-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-prefork-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-utils-2.4.23-29.18.2.x86_64",
"SUSE OpenStack Cloud 7:apache2-worker-2.4.23-29.18.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-07T12:56:41Z",
"details": "moderate"
}
],
"title": "CVE-2018-1312"
}
]
}
ghsa-x452-9h59-82pg
Vulnerability from github
Published
2022-05-13 01:09
Modified
2022-05-13 01:09
Severity ?
VLAI Severity ?
Details
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.
{
"affected": [],
"aliases": [
"CVE-2018-1302"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-26T15:29:00Z",
"severity": "MODERATE"
},
"details": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
"id": "GHSA-x452-9h59-82pg",
"modified": "2022-05-13T01:09:39Z",
"published": "2022-05-13T01:09:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1302"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3783-1"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180601-0004"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2018/03/24/5"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103528"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040567"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
gsd-2018-1302
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-1302",
"description": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
"id": "GSD-2018-1302",
"references": [
"https://www.suse.com/security/cve/CVE-2018-1302.html",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://ubuntu.com/security/CVE-2018-1302",
"https://advisories.mageia.org/CVE-2018-1302.html",
"https://security.archlinux.org/CVE-2018-1302",
"https://alas.aws.amazon.com/cve/html/CVE-2018-1302.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-1302"
],
"details": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
"id": "GSD-2018-1302",
"modified": "2023-12-13T01:22:37.360310Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-03-23T00:00:00",
"ID": "CVE-2018-1302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "2.4.17 to 2.4.29"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Possible write of after free on HTTP/2 stream shutdown"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20180601-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180601-0004/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"name": "RHSA-2019:0367",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "[oss-security] 20180323 CVE-2018-1302: Possible write of after free on HTTP/2 stream shutdown",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/03/24/5"
},
{
"name": "103528",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103528"
},
{
"name": "1040567",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040567"
},
{
"name": "USN-3783-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3783-1/"
},
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "RHSA-2019:0366",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://www.tenable.com/security/tns-2019-09",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.29",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-1302"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[oss-security] 20180323 CVE-2018-1302: Possible write of after free on HTTP/2 stream shutdown",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2018/03/24/5"
},
{
"name": "1040567",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040567"
},
{
"name": "103528",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103528"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180601-0004/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20180601-0004/"
},
{
"name": "USN-3783-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3783-1/"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03909en_us"
},
{
"name": "RHSA-2019:0367",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "RHSA-2019:0366",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "https://www.tenable.com/security/tns-2019-09",
"refsource": "CONFIRM",
"tags": [],
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [11/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1888194 [11/13] - /httpd/site/trunk/content/security/json/",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-06-06T11:15Z",
"publishedDate": "2018-03-26T15:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…